Vulnerability Details CVE-2021-23906
An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A Message Length is not checked in the HiQnet Protocol, leading to remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.8%
CVSS Severity
CVSS v3 Score 1.8
CVSS v2 Score 2.1
References
- https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/
- https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf
- https://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866
- https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/
- https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf
- https://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866
Products affected by CVE-2021-23906
-
cpe:2.3:a:mercedes-benz:mercedes-benz_user_experience:-
-
cpe:2.3:a:mercedes-benz:mercedes-benz_user_experience:2021
-
cpe:2.3:h:mercedes-benz:a_220:-
-
cpe:2.3:h:mercedes-benz:a_220_4matic:-
-
cpe:2.3:h:mercedes-benz:e_350:-
-
cpe:2.3:h:mercedes-benz:e_350_4matic:-
-
cpe:2.3:h:mercedes-benz:eqc:-
-
cpe:2.3:h:mercedes-benz:gle_350:-
-
cpe:2.3:h:mercedes-benz:gle_350_4matic:-